Improve company productivity with a Business Account.Sign Up
If you encrypt on the database, that means the data is sent to and from the database in unencrypted form. This potentially allows for snooping/tampering between the application and the encryption routines on the database. Even if you store the key on the application side, it is still required on the database side to perform encryption. If the database is compromised, your data is at serious risk (just imagine someone running profiler while your application runs).
If you encrypt/decrypt in the application, sensitive data (including the key) is never revealed outside of the application server. Someone would have to compromise both the Web server and database server to access all of your data.
WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network. Check out this quarters report on the threats that shook the industry in Q4 2017.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Please enter a first name
Please enter a last name
Must be at least 4 characters long.
Join and Comment
From novice to tech pro — start learning today.
Premium members can enroll in this course at no extra cost.